One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks.
Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers.
NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Clause 6(1) of the Bill states that (subject to modification by the Secretary of State) organisations that are classed as public authorities under the Freedom of Information or Freedom of Information (Scotland) Acts will also be "public authorities" for the purposes of the GDPR;

Under Article 6(1) of the GDPR, those public authorities are not permitted to use the legitimate interests basis "in the performance of their tasks";

Instead, by Recital 47, those tasks and their legal basis should be "provide[d] by law";

And, by Clause 7(c) of the Bill, where a task is "conferred on a person by an enactment", the legal basis is that it is necessary in the public interest.

Where an educational institution is performing a task that is specified by law, therefore, the correct legal basis is that it is "necessary in the public interest" (Article 6(1)(e)). Where it is performing a task that is not specified by law (for example protecting the security of networks and systems, as in GDPR Recital 49), then all the other legal bases, including "necessary in the legitimate interests [of the organisation]" are available, subject to their usual GDPR conditions.

As far as I can see, it means you still have the same options as at present. Since that sharing isn't (as far as I know) something that's covered by a specific law with its own processing rules, it's not one of your "tasks" so the GDPR's ban on Legitimate Interest and doubt about Consent don't apply.

Note that David Erdos has pointed me at the case where the ECJ seems to have come up with its idea of a "public authority" working forward from the Treaty - as in today's post, fortunately their concept seems to be the same as I'd come to by working backward from the use of the concept in the GDPR :-)